Samsung Device Health Services Battery Statistics NEW
Samsung Digital Wellbeing Events NEW
Samsung Keyboard Clipboard History NEW
Signal Messages
Snapchat
Facebook Messenger Groups
Installed Applications
iOS
Device Information
Device Wallpapers
iOS Snapshots
Snapchat
TikTok Contacts
WhatsApp Contacts
Brave Bookmarks
Cloud
Google Contacts
macOS
Pictures
Linux
Pictures
Updates to file types in the File system explorer
In this release, we've made the following improvements to the File system explorer:
View previews of Android Binary XML (ABX) files, a file type introduced in Android 12 that has replaced XML data in many artifacts.
View .log files in the LevelDB viewer if they are recovered from LevelDB folders in the file system.
Artifacts
Cloud Google Contacts | Cloud: Updated artifact to recover data from Google’s new format.
Device Information | Android: Updated parsing support to recover more significant data, including ICCID, advertising ID, and service provider name.
Device Information | iOS: Updated parsing support to recover more data from UFED Touch iOS images.
Device Wallpapers | iOS: Updated parsing support to recover additional data. [iOS 16]
Facebook Messenger Groups | Android: Updated parsing and carving to improve the recovery of Sender and Participant user names from a chat.
Installed Applications | Android: Updated parsing support to recover Application UID.
iOS Snapshots | iOS: Updated Artifact Reference Guide entry with more information about suspended apps.
Samsung Device Health Services Battery Statistics | Android: Added parsing support for Samsung Device Health Services Battery Statistics.
Samsung Digital Wellbeing Events | Android: Added parsing support for Samsung Digital Wellbeing Events.
Samsung Keyboard Clipboard History | Android: Added parsing support for Samsung Keyboard Clipboard History.
Signal Messages | Android: Updated parsing support to recover lost sender, recipient, and direction data from backups.
Snapchat Chat Messages | Android: Updated parsing support to recover missing attachment files.
Snapchat Stories | Android: Updated parsing support to recover media that was missing in previous versions.
Snapchat | iOS: Updated parsing and carving support to recover the active user name when it has been changed on the device. [12.30.0]
TikTok Contacts | iOS: Updated carving support to recover data from v29.5.0.
WhatsApp Contacts | iOS: Updated parsing support to include whether a contact is a WhatsApp user. -MARS-1180
Pictures | Linux, macOS: Improved carving for pictures. -CARS-423
Brave Bookmarks | iOS: Updated parsing support to recover more data. [v1.43] -MARS-352
Processing
AXIOM Process now includes the option to calculate SHA256 hashes.
AXIOM Process now supports searching of APFS sealed volumes.
Process ID and Process Name columns are now included in the artifact view for YARA rule matches.
Examining
When you open a portable case, the title bar now indicates that it's a portable case, rather than a case open in the full version of AXIOM.
You can now view .log files in the LevelDB viewer if they are recovered from a LevelDB folder in the file system.
You can now view Android Binary XML (ABX) files in the Preview window in the File system explorer.
Bug fixes
Previously, AXIOM Process may have crashed when saving dynamic app finder results while the remove duplicates option was turned off. -ENGN-955
Previously, AXIOM Process may have incorrectly determined a Cellebrite UFD(x) image was corrupted. -ENGN-1557
A flickering issue was appearing when the Media explorer was being viewed on high resolution monitors. -EXM-2358
Sometimes, AXIOM Examine would crash when a case was reopened after ingesting a .txt file. -EXM-2316
When multiple portable cases that both had the same tag were merged back into the original case, the merge of the second portable case would fail. -EXM-1460
When viewing connections, the Attributes filter contained some empty checkboxes. -EXM-2123
Incorrect audio message attachment files were being recovered from Android Skype Activity. [v8.96] -MARS-1151
Plist data was missing from macOS Network Profiles. -COMP-1576 -CARS-41
When a portable case included MPEG4 audio files, the portable case file was unexpectedly large. -MARS-1230
Previously, a change implemented by Google prevented the acquisition of Google Activity data. -CA-1284
Previously, Apple warrant return backups containing no data may have prevented AXIOM from processing the evidence. -CA-555
Previously, AXIOM Process may have crashed while attempting to take an Azure snapshot. -CA-1166
Previously, AXIOM was unable to establish a trust connection to acquire an iCloud backup due to changes made by Apple. -CA-1282
Previously, IMAP/POP email acquisitions may have failed without producing an error. -CA-1193
Sometimes, when filtering by tags in the Email explorer, if the attachments pop-up window was closed or canceled, an error would occur. -EXE-237
When attempting to load an item from a legacy artifact, AXIOM Examine would crash. -EXE-245